EU Commission Bans Internal Messenger Groups After Cyberattacks

The European Commission has ordered its most senior officials to shut down internal group chats on the encrypted messaging app Signal following a series of cyberattacks and espionage attempts targeting EU institutions.

The directive specifically affects department chiefs and their deputies, who were instructed to dissolve the group chat after the Commission became aware of its existence in March 2026. While officials stated there is no evidence that any member of the group had been intercepted, the order was issued as a preemptive measure due to escalating security concerns regarding messaging applications within the institution.

Escalating Cyber Threats and Phishing

The crackdown on encrypted messaging follows a period of heightened vulnerability for EU communications. In late March 2026, the European Commission reported it was investigating a cyberattack on its official websites. This incident coincided with other security breaches, including a private telephone conversation between an EU official and a reporter from Politico that was intercepted and published online in March 2026.

Security officials have identified sophisticated phishing campaigns aimed at senior bureaucrats and members of commissioners’ cabinets. These attacks involved messages designed to trick users into revealing their Signal PIN codes, which would allow attackers to seize control of their accounts.

While the focus of the recent shutdown was on Signal, reports indicate that users of WhatsApp have also been targeted by hacking attempts, although such attacks have been more frequent on Signal in recent periods.

The Technical Limit of Encryption

The move highlights a critical tension in cybersecurity: the difference between encrypted transit and end-device security. Although Signal is widely regarded as a secure option for communication, the security of the encrypted tunnel is irrelevant if the physical device is compromised.

Signal is pretty secure, but if an attacker owns your phone, they might have access to your chats, including your pictures and everything else you have on your phone

Sven Herpig, cybersecurity and emerging threats researcher at the German think tank Interface

Herpig noted that cyber operations from both foreign governments and data-hungry criminals are increasing in both quality and quantity. He emphasized that politicians and political parties have long been primary targets for espionage, making the security of their communication tools a high-priority risk.

Institutional Response

The European Commission does not officially comment on its internal security procedures, but the decision to ban these specific group chats reflects a growing nervousness in Brussels. The institution is currently grappling with multiple spying allegations and the need to secure digital infrastructure against state-controlled cyber operations.

The current security environment suggests a shift toward more restrictive communication protocols for high-ranking officials to mitigate the risk of targeted digital espionage, especially as the sophistication of phishing and device-level attacks continues to evolve.